• Title/Summary/Keyword: Alarms

A Design of false alarm analysis framework of intrusion detection system by using incremental mining method (점진적 마이닝 기법을 적용한 침입탐지 시스템의 오 경보 분석 프레임워크 설계)

  • Kim Eun-Hee;Ryu Keun-Ho
    • The KIPS Transactions:PartC / v.13C no.3 s.106 / pp.295-302 / 2006
  • An intrusion detection system writes a lot of alarms against attack behaviors in real time. These alarms contain not only actual attack alarms, but also false alarms that are mistakes made by the intrusion detection system. False alarms are the main reason that reduces the efficiency of the intrusion detection system, and we propose a framework for false alarm analysis in this paper. Also, we apply an incremental data mining method for pattern analysis of continuously increasing false alarms. The framework consists of GUI, DB Manager, Alert Preprocessor, and False Alarm Analyzer. We analyze the false alarms increasingly through the experiment of the proposed framework and show that false alarms are reduced by applying the analyzed false alarm rules in the intrusion detection system.

Development of Alarm System Using Fault Tree Analysis for Pumping Station and Reservoir of Waterworks (Fault Tree 분석에 의한 상수도 가압장과 배수지의 경보시스템 구축)

  • Ahn, Yong-Po;Song, Moo-Geun;Lee, Dong-Ik
    • Journal of Korean Society of Water and Wastewater / v.25 no.6 / pp.847-859 / 2011
  • This paper presents an alarm system for the integrated monitoring and control station of waterworks in Daegu City. An alarm system informs the operator or other responsible individuals about the abnormality in the process so that an appropriate action can be taken. In practice, operators receive far more false and nuisance alarms than valid and useful alarms. Too many false and nuisance alarms can distract the operator from operating the plant, and thus critical alarms may be ignored. This problem can lead to the point that the operator no longer trusts the alarms or even shuts down the whole monitoring system. This paper proposes an efficient method to reduce false and nuisance alarms by prioritizing every fault using the Fault Tree Analysis (FTA) technique. The effectiveness of the proposed method is evaluated with a set of computer simulations under various faulty conditions.

Refinement for Loops in Buffer-Overrun Abstract Interpretation (요약해석을 이용한 버퍼오버런 분석에서 루프 분석결과의 정교화)

  • Oh, Hak-Joo;Yi, Kwang-Keun
    • Journal of KIISE:Computing Practices and Letters / v.14 no.1 / pp.111-115 / 2008
  • We present a simple and effective method to reduce loop-related false alarms raised by a buffer-overrun static program analyzer. Interval-domain buffer-overrun analyzers raise many false alarms in analyzing programs that frequently use loops and arrays. Firstly, we classified patterns of loop-related false alarms for loop-intensive programs, such as embedded programs or mathematical libraries. After that we designed a simple and effective false alarm refiner, specialized for the loop-related false alarms we classified. After the normal analysis of program in which alarms considered as false. We implemented this method on our buffer-overrun analyzer with the result that our refinement method decreased the number of false alarms by 32% of the total amount the analyzer reported.

Eliminating Redundant Alarms of Buffer Overflow Analysis Using Context Refinements (분석 문맥 조절 기법을 이용한 버퍼 오버플로우 분석의 중복 경보 제거)

  • Kim, You-Il;Han, Hwan-Soo
    • Journal of KIISE:Software and Applications / v.37 no.12 / pp.942-945 / 2010
  • In order to reduce the effort needed to inspect the alarms reported by a static buffer overflow analyzer, we present an effective method to filter out redundant alarms. In static analysis, a sequence of multiple alarms is frequently found due to the same cause in the code. In such a case, it is sufficient and reasonable for programmers to examine the first alarm instead of all the alarms in the same sequence. Based on this observation, we devise a buffer overflow analysis that filters out redundant alarms with our context refinement technique. Our experiment with several open source programs shows that our method reduces the reported alarms by 23% on average.

Construction Workers' Sensation-Seeking and Inattentiveness to Warning Alarms from Construction Vehicles

  • Kim, Namgyun;Gregoire, Laurent;Anderson, Brian A.;Ahn, Changbum R.
    • International conference on construction engineering and project management / 2022.06a / pp.261-268 / 2022
  • In road work zones, pedestrian workers' habituated inattention to warning alarms from construction vehicles can lead to fatal accidents. Previous studies have theorized that human factors such as personality traits may affect workers' inattentiveness to workplace hazards. However, there has been no study that directly examined how road construction workers' personality traits affect their attention to warning alarms within a work zone and the likelihood of engagement in a struck-by accident. This study examines how workers' sensation-seeking (especially boredom susceptibility) is related to inattention to warning alarms while performing a task in road work zones. An experiment with actual road construction workers was conducted using a virtual road construction environment. Workers' attention to repeatedly presented warning alarms was measured using eye-tracking sensors. In response to workers' frequent inattentive behaviors, a virtual accident was simulated. Results revealed a significant association between boredom susceptibility and workers' engagement in the virtual accident, a consequence of inattentiveness to warning alarms. The findings suggest that workers' personality traits predispose them to tune out warning alarms and become vulnerable to accidents in road work zones. The findings of this study can be used to develop targeted interventions aimed at preventing workers' inattention to repeatedly exposed workplace hazards, thereby contributing to reducing fatal accidents in road work zones.

Design and Implementation of Static Program Analyzer Finding All Buffer Overrun Errors in C Programs (C 프로그램의 버퍼 오버런(buffer overrun) 오류를 찾아 주는 정적 분석기의 설계와 구현)

  • Yi Kwang-Keun;Kim Jae-Whang;Jung Yung-Bum
    • Journal of KIISE:Software and Applications / v.33 no.5 / pp.508-524 / 2006
  • We present our experience of combining, in a realistic setting, a static analyzer with a statistical analysis. This combination is in order to reduce the inevitable false alarms from a domain-unaware static analyzer. Our analyzer named Airac (Array Index Range Analyzer for C) collects all the true buffer-overrun points in ANSI C programs. The soundness is maintained, and the analysis' cost-accuracy improvement is achieved by techniques that the static analysis community has long accumulated. For still inevitable false alarms (e.g. Airac raised 970 buffer-overrun alarms in commercial C programs of 5.3 million lines and 737 among the 970 alarms were false), which are always apt for particular C programs, we use a statistical post analysis. The statistical analysis, given the analysis results (alarms), sifts out probable false alarms and prioritizes true alarms. It estimates the probability of each alarm being true. The probabilities are used in two ways: 1) only the alarms that have true-alarm probabilities higher than a threshold are reported to the user; 2) the alarms are sorted by the probability before reporting, so that the user can check highly probable errors first. In our experiments with Linux kernel sources, if we set the risk of missing a true error to be about 3 times greater than that of false alarming, 74.83% of false alarms could be filtered; only 15.17% of false alarms were mixed up until the user observes 50% of the true alarms.

The Analysis of IDS Alarms based on AOI (AOI에 기반을 둔 침입탐지시스템의 알람 분석)

  • Jung, In-Chul;Kwon, Young-S.
    • IE interfaces / v.21 no.1 / pp.33-42 / 2008
  • Analyzing tens of thousands of alarms triggered by intrusion detection systems (IDS) a day has been very time-consuming, requiring human administrators to stay alert at all times. But most of the alarms triggered by the IDS prove to be false positives. If alarms could be correctly classified into the false positive and the false negative, then we could alleviate most of the burden of human administrators and manage the IDS far more efficiently. Therefore, we present a new approach based on attribute-oriented induction (AOI) to classify alarms into the false positive and the false negative. The experimental results show the proposed approach performs very well.

Spectrum Sensing and Data Transmission in a Cognitive Relay Network Considering Spatial False Alarms

  • Tishita, Tasnina A.;Akhter, Sumiya;Islam, Md. Imdadul;Amin, M. Ruhul
    • Journal of Information Processing Systems / v.10 no.3 / pp.459-470 / 2014
  • In this paper, the average probability of the symbol error rate (SER) and throughput are studied in the presence of joint spectrum sensing and data transmission in a cognitive relay network, which is in the environment of an optimal power allocation strategy. In this investigation, the main component in calculating the secondary throughput is the inclusion of the spatial false alarms, in addition to the conventional false alarms. It has been shown that there exists an optimal secondary power amplification factor at which the probability of SER has a minimum value, whereas the throughput has a maximum value. We performed a Monte-Carlo simulation to validate the analytical results.

Statistics and Management Systems of Unwanted Domestic and Foreign Fire Alarms (국내·외 비화재보의 통계 및 관리체계에 관한 연구)

  • Hwang, Euy-Hong;Lee, Sung-Eun;Choi, Don-Mook
    • Fire Science and Engineering / v.34 no.2 / pp.30-40 / 2020
  • In the event of a fire and a disaster, prompt and accurate alarms inside and outside the building are directly related to the minimization of damage and the success of life evacuation. However, due to unwanted fire alarms in automated fire detection systems, the number of dispatches by misunderstanding in the 119 service is increasing. This causes the insensitivity to the safety of building managers and the waste of the fire-fighting power. Therefore, in this study, the statistical databases and literature on unwanted fire alarms in Korea and abroad (USA, UK) were identified and the management systems for unwanted fire alarms were compared and analyzed to identify problems of statistics in the management systems for unwanted fire alarms.

Development of Advanced Annunciator System for Nuclear Power Plants

  • Hong, Jin-Hyuk;Park, Seong-Soo;Chang, Soon-Heung
    • Proceedings of the Korean Nuclear Society Conference / 1995.10a / pp.185-190 / 1995
  • The conventional alarm system poses many difficulties for the operator in identifying the plant status during special situations such as design basis accidents. To solve the shortcomings, an on-line alarm annunciator system, called dynamic alarm console (DAC), was developed. In the DAC, a signal is generated as an alarm by the use of an adaptive setpoint check strategy based on operating mode, and a time delay technique is used so as not to generate nuisance alarms. After alarm generation, if the activated alarm is a level precursor alarm or a consequential alarm, it is suppressed, and the residual alarms go through dynamic prioritization, which provides the alarms with priorities pertinent to the current operating mode. Dynamic prioritization is achieved by going through the system- and mode-oriented prioritization. The DAC has an alarm hierarchical structure based on the physical and functional importance of alarms. Therefore the operator can perceive alarm impacts on the safety or performance of the plant with the alarm propagation from equipment level to plant functional level. In order to provide the operator with the most possible cause of the event and quick cognition of the plant status even without recognizing the individual alarms, a reactor trip status tree (RTST) was developed. The DAC and the RTST have been simulated with on-line data obtained from the full-scope simulator for several abnormal cases. The results indicated that the system can provide the operator with useful and compact information for the earlier termination and mitigation of an abnormal state.
